2 days ago (installed Net Nanny)
and here is that main notepad scan:
Deckard's System Scanner v20071014.68
Run by Hamza on 2008-02-12 05:57:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
21: 2008-02-12 01:58:43 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-02-10 17:42:19 UTC - RP20 - Software Distribution Service 3.0
19: 2008-02-10 16:54:12 UTC - RP19 - Software Distribution Service 3.0
18: 2008-02-10 12:49:56 UTC - RP18 - ComboFix created restore point
17: 2008-02-10 12:41:36 UTC - RP17 - Removed Java(TM) 6 Update 3
-- First Restore Point --
1: 2008-02-06 15:27:40 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Hamza.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:05, on 2008-02-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Installing programs\downloads\dss.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hamza.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
--
End of file - 9972 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080131-195724-916 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
backup-20080131-195912-342 O1 - Hosts: 69.57.152.127 auto.search.msn.com
backup-20080131-195912-528 O1 - Hosts: 69.57.152.127 auto.search.msn.es
backup-20080131-195912-531 O18 - Filter hijack: text/html - (no CLSID) - (no file)
backup-20080131-195912-538 O4 - HKCU\..\Run: [Dash Axis] C:\DOCUME~1\Hamza\APPLIC~1\SHIMRE~1\Type Poke Title.exe
backup-20080131-195912-560 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
backup-20080131-195912-670 O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
backup-20080131-195912-737 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080131-195912-869 O4 - HKLM\..\Run: [STYLENURBLOGOLITE] C:\Documents and Settings\All Users\Application Data\Liveinfostylenurb\Title first.exe
backup-20080131-195912-923 O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>
S3 catchme - c:\docume~1\hamza\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 PIXMCV (JVC Communication PIX-MCV Driver) - c:\windows\system32\drivers\pixmcvc.sys <Not Verified; Pixela; PIX-MCV Communication Driver (WinMe/2000/XP)>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CwAltaService20 (ContentWatch) - c:\program files\contentwatch\internet protection\cwsvc.exe <Not Verified; ContentWatch, Inc.; Alta>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-01-12 and 2008-02-12 -----------------------------
2008-02-11 16:03:28 0 drahs---- C:\autorun.inf
2008-02-10 18:24:06 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\KRyLack Password Recovery
2008-02-10 18:17:30 0 d-------- C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-02-10 18:17:29 0 d-------- C:\Documents and Settings\Guest\Application Data\Sereniti
2008-02-10 18:07:32 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Macromedia
2008-02-10 18:07:09 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Adobe
2008-02-10 18:05:39 0 dr-h----- C:\Documents and Settings\Hamza_2\Application Data\yahoo!
2008-02-10 18:04:26 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Google
2008-02-10 17:44:35 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\SiteAdvisor
2008-02-10 17:44:35 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Sereniti
2008-02-10 17:44:27 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Real
2008-02-10 17:43:54 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Identities
2008-02-10 17:42:55 0 dr-h----- C:\Documents and Settings\Hamza_2\SendTo
2008-02-10 17:42:55 0 dr-h----- C:\Documents and Settings\Hamza_2\Recent
2008-02-10 17:42:55 0 d--h----- C:\Documents and Settings\Hamza_2\PrintHood
2008-02-10 17:42:55 0 d--h----- C:\Documents and Settings\Hamza_2\NetHood
2008-02-10 17:42:55 0 dr------- C:\Documents and Settings\Hamza_2\My Documents
2008-02-10 17:42:55 0 d--h----- C:\Documents and Settings\Hamza_2\Local Settings
2008-02-10 17:42:55 0 dr------- C:\Documents and Settings\Hamza_2\Favorites
2008-02-10 17:42:55 0 d-------- C:\Documents and Settings\Hamza_2\Desktop
2008-02-10 17:42:55 0 d---s---- C:\Documents and Settings\Hamza_2\Cookies
2008-02-10 17:42:55 0 dr-h----- C:\Documents and Settings\Hamza_2\Application Data
2008-02-10 17:42:55 0 d---s---- C:\Documents and Settings\Hamza_2\Application Data\Microsoft
2008-02-10 17:42:54 0 d--h----- C:\Documents and Settings\Hamza_2\Templates
2008-02-10 17:42:54 0 dr------- C:\Documents and Settings\Hamza_2\Start Menu
2008-02-10 17:42:54 1572864 --ah----- C:\Documents and Settings\Hamza_2\NTUSER.DAT
2008-02-10 17:41:07 0 d-------- C:\Documents and Settings\LocalService\ContentWatch
2008-02-10 17:38:52 2048000 --a------ C:\WINDOWS\system32\python25.dll <Not Verified; Python Software Foundation; Python>
2008-02-10 17:38:48 295424 --a------ C:\WINDOWS\system32\wxIE.dll <Not Verified; ContentWatch, Inc.; Alta>
2008-02-10 17:38:48 40960 --a------ C:\WINDOWS\system32\SPORDER.EXE <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-02-10 17:38:45 908288 --a------ C:\WINDOWS\system32\libxml2_CW.dll
2008-02-10 17:38:45 151552 --a------ C:\WINDOWS\system32\libexpat.dll
2008-02-10 17:38:43 346624 --a------ C:\WINDOWS\system32\cwalsp.dll <Not Verified; ContentWatch, Inc.; Alta>
2008-02-10 17:38:43 1843200 --a------ C:\WINDOWS\system32\AltaRecovery.exe <Not Verified; ContentWatch, Inc.; Alta>
2008-02-10 17:38:41 516096 --a------ C:\WINDOWS\system32\wxmsw28u_xrc_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:41 110592 --a------ C:\WINDOWS\system32\wxmsw28u_media_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:41 495616 --a------ C:\WINDOWS\system32\wxmsw28u_html_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:41 2899968 --a------ C:\WINDOWS\system32\wxmsw28u_core_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 712704 --a------ C:\WINDOWS\system32\wxmsw28u_adv_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 135168 --a------ C:\WINDOWS\system32\wxbase28u_xml_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 1220608 --a------ C:\WINDOWS\system32\wxbase28u_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 135168 --a------ C:\WINDOWS\system32\wxbase28u_net_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:36 0 d-------- C:\Program Files\ContentWatch
2008-02-10 17:38:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ContentWatch
2008-02-10 17:37:09 0 d-------- C:\Documents and Settings\Hamza\ContentWatch
2008-02-09 15:30:23 0 d-------- C:\Program Files\Panda Security
2008-02-07 21:35:40 0 d-------- C:\Documents and Settings\Hamza\Application Data\Malwarebytes
2008-02-07 21:35:34 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-07 21:35:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-07 21:00:55 0 d-------- C:\WINDOWS\ERUNT
2008-02-07 19:35:05 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-07 19:35:05 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-07 19:34:17 148256 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-07 19:34:17 3343904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-07 19:34:16 0 d-------- C:\Program Files\Kaspersky Lab
2008-02-07 18:18:45 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-07 18:18:45 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-07 18:18:45 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-07 18:18:45 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-07 17:40:27 0 d-------- C:\kav
2008-02-07 17:13:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-07 17:12:58 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-07 16:12:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-02-07 16:12:52 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-07 16:12:38 0 d-------- C:\Program Files\SiteAdvisor
2008-02-07 16:12:25 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-07 16:12:24 0 d-------- C:\Documents and Settings\Hamza\Application Data\SiteAdvisor
2008-02-07 16:12:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-07 10:59:57 0 dr-h----- C:\$VAULT$.AVG
2008-02-06 19:53:33 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-02-06 19:15:18 0 d-------- C:\WINDOWS\Prefetch
2008-02-06 17:06:04 0 d-------- C:\WINDOWS\setup.pss
2008-02-05 17:22:22 0 d-------- C:\Program Files\ACW
2008-02-04 16:10:12 2518 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-04 16:09:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-04 16:09:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-04 16:09:54 83456 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-04 16:09:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-04 16:09:54 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-04 16:09:54 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-04 16:09:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-03 21:07:11 0 d--hs---- C:\WINDOWS\CSC
2008-02-02 09:52:01 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-01 20:10:04 70129 --a------ C:\AVG7QT.DAT
2008-02-01 19:58:43 0 d-------- C:\Documents and Settings\Hamza\Application Data\AVG7
2008-02-01 19:58:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-01 19:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 15:08:46 0 d-------- C:\Program Files\ZoneAlarmSB
2008-02-01 15:07:51 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-01 15:07:41 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-01 15:07:13 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-01 15:06:24 0 d-------- C:\WINDOWS\Internet Logs
2008-02-01 12:32:56 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-01 11:48:09 0 d-------- C:\Program Files\Premium Booster
2008-02-01 11:43:38 0 d-------- C:\Program Files\Advanced Registry Doctor
2008-02-01 11:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 17:45:00 0 d-------- C:\Program Files\SpeedFan
2008-01-31 16:20:38 0 d--hs---- C:\FOUND.000
2008-01-31 15:31:20 0 d-------- C:\Program Files\Common Files\PC Tools
2008-01-31 15:31:16 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-01-29 20:31:25 0 d-------- C:\Program Files\filesubmit
2008-01-24 18:14:24 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-18 15:21:40 0 d-------- C:\Program Files\NoAdware5.0
2008-01-14 15:00:55 0 d-------- C:\Program Files\MSXML 4.0
2008-01-13 18:16:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-13 18:13:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
-- Find3M Report ---------------------------------------------------------------
2008-02-10 16:42:04 0 d-------- C:\Program Files\Common Files
2008-02-07 19:02:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-07 16:21:16 0 d-------- C:\Documents and Settings\Hamza\Application Data\Adobe
2008-02-07 10:59:58 0 d-------- C:\Program Files\FlyFF Resource Manager
2008-02-06 18:53:27 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-31 16:55:00 68245 --a------ C:\Documents and Settings\Hamza\Application Data\NMM-MetaData.db
2008-01-03 11:51:16 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-03 11:51:16 286720 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-01-01 00:15:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-21 13:58:20 0 d-------- C:\Program Files\Security Task Manager
2007-12-21 12:57:12 0 d-------- C:\Program Files\Abexo
2007-12-17 17:26:50 0 d-------- C:\Program Files\Microsoft Works
2007-12-17 17:26:38 0 d-------- C:\Program Files\MSBuild
2007-12-17 17:25:28 0 d-------- C:\Program Files\Microsoft.NET
2007-12-17 17:19:02 0 d-------- C:\Program Files\Microsoft Visual Studio 8
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-01 15:08 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-01 15:08 262144]
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 14:13]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 04:53 C:\WINDOWS\SOUNDMAN.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-05 01:03]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43]
"cwcptray"="C:\Program Files\ContentWatch\Internet Protection\cwtray.exe" [2007-10-17 09:42]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
C:\Documents and Settings\Hamza\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-26 11:44:09]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 20:51:38]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindService"=2 (0x2)
"SLService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aawservice"=2 (0x2)
-- End of Deckard's System Scanner: finished at 2008-02-12 06:11:18 ------------
and here is the extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 509.8 MiB / 98.56 MiB
Pagefile Memory (total/avail): 1247.84 MiB / 859.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.14 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 18.16 GiB free.
D: is Fixed (NTFS) - 45.23 GiB total, 37.17 GiB free.
E: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800JB-00FMA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 45.23 GiB - D:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Hamza\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HAMZA
ComSpec=C:\WINDOWS\system32\cmd.exe
CWALTAHOME=C:\Program Files\ContentWatch
DXSDK_DIR=C:\Program Files\Microsoft DirectX SDK (November 2007)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Hamza
LOGONSERVER=\\HAMZA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Microsoft DirectX SDK (November 2007)\Utilities\Bin\x86;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Hamza\LOCALS~1\Temp
TMP=C:\DOCUME~1\Hamza\LOCALS~1\Temp
USERDOMAIN=HAMZA
USERNAME=Hamza
USERPROFILE=C:\Documents and Settings\Hamza
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Hamza (admin)
Hamza_2
Administrator (admin)
Guest (guest)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.20 --> "C:\Program Files\7-Zip\Uninstall.exe"
Active Security Monitor 2.0.0.18 --> "C:\Program Files\AOL\Active Security Monitor\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
BiniQDU --> C:\WINDOWS\st6unst.exe -n "c:\BINIQDU\ST6UNST.LOG"
Browser Optimizer Rightonadz --> C:\WINDOWS\system32\rightonadz-uninst.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drug Lord 2 --> C:\Program Files\Drug Lord 2\druglord2.exe remove
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Feeding Frenzy 2 --> C:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
FlyFF Resource Manager --> "C:\Program Files\FlyFF Resource Manager\Uninstaller.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Gutterball 2 --> "C:\Program Files\Gutterball 2\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperCam 2 --> d:\Hypercam\UnHyCam2.exe
ImageMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{879EF0D8-59CB-45DD-8A69-F27AFE09C08D}\Setup.exe" -l0x9
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IsoBuster 1.9.1 --> "D:\Installing programs\IsoBuster\Uninst\unins000.exe"
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KRyLack Password Recovery --> MsiExec.exe /I{DB4A269D-7CDD-4FD8-8F08-335DDF5217C3}
Magic Ball 2 New Worlds --> C:\PROGRA~1\GAMEHO~1\MAGICB~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAGICB~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe
Microsoft DirectX SDK (November 2007) --> MsiExec.exe /I{CA97B421-06CB-4040-8EC9-6ED02EA87930}
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Logo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF149A60-8F5A-4632-B5DE-EC35BCB5ADFC}\Setup.exe"
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero 7 Premium --> MsiExec.exe /I{8C30E1DC-D83E-4A90-AD02-1A275FC71033}
Net Nanny Parental Controls 5.6 --> "C:\Program Files\ContentWatch\Internet Protection\ContentProtect\Home\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Updater --> MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D}
On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
pak.zip --> C:\PROGRA~1\FILESU~1\pak.zip\UNWISE.EXE C:\PROGRA~1\FILESU~1\pak.zip\INSTALL.LOG
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Premium Booster --> C:\Program Files\Premium Booster\Uninstall Premium Booster.exe
Quake 3 Arena Demo --> C:\WINDOWS\unvise32.exe d:\games\uninstal.log
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ronaldo screensaver --> C:\WINDOWS\ronaldo screensaver.scr /u
Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Snooker147 & Poolster (Shareware Demo) 1.3 --> C:\WINDOWS\uninst.exe -f"d:\snooker world\snooker 147 1.3\DeIsL1.isu"
Snooker147 1.0 (Shareware) --> C:\WINDOWS\uninst.exe -f"d:\snooker world\snooker 147\DeIsL1.isu"
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Upshift StrikeRacer --> D:\Upshift StrikeRacer\uninst.exe
VideoCAM GF112 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{088B7BF8-AC95-4348-B77B-619AEB3A74A5} /l1033
VP6 Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}\Setup.exe" -l0x9
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WinRAR archiver --> D:\Installing programs\Winrar\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XMLinst --> MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
-- Application Event Log -------------------------------------------------------
Event Record #/Type41470 / Warning
Event Submitted/Written: 02/11/2008 08:30:26 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type41442 / Error
Event Submitted/Written: 02/10/2008 06:27:24 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.
Event Record #/Type41441 / Error
Event Submitted/Written: 02/10/2008 06:27:23 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.
Event Record #/Type41440 / Error
Event Submitted/Written: 02/10/2008 06:27:23 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.
Event Record #/Type41439 / Error
Event Submitted/Written: 02/10/2008 06:27:22 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type91126 / Error
Event Submitted/Written: 02/11/2008 06:35:45 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
kl1
klif
sptd
Event Record #/Type91125 / Error
Event Submitted/Written: 02/11/2008 06:35:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type91124 / Error
Event Submitted/Written: 02/11/2008 06:35:17 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
Event Record #/Type91122 / Error
Event Submitted/Written: 02/11/2008 06:33:44 PM / 02/11/2008 06:34:44 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .
Event Record #/Type91118 / Error
Event Submitted/Written: 02/11/2008 06:25:57 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}
-- End of Deckard's System Scanner: finished at 2008-02-12 06:11:18 ------------